[Samba] winbind - security hole?
Volker.Lendecke at SerNet.DE
Mon Mar 20 08:38:12 GMT 2006
On Mon, Mar 20, 2006 at 08:54:22AM +0100, Roland Schwarz wrote:
> Consequently if someone is having root access on any single workstation,
> he can modify the mapping at will to get root access to the entire
> domain. The only remedy I can see is to disallow root access on all
> workstations (which is a very undesirable fact).
But right now the only possibility.
> Are I am missing something, or is there a different setup possible to
> omit this security loophole?
No, you are right. In Samba trunk we have started working on
the unixinfo RPC pipe that eventually will fix this. But
it's not finished yet.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : http://lists.samba.org/archive/samba/attachments/20060320/572c8511/attachment.bin
More information about the samba